This is a 120 minute workshop focused on exploiting techniques of modern EAC (Electronic Access Control) systems. The workshop is designed to introduce the most common access control technologies, and provide details on their vulnerabilities and available attack methods. Attendees will be provided with significant hands-on laboratory exercises including a final challenge where students will test learned methods and win hardware gadgets offered by Opposing Force.
Lab Syllabus
Module 01 – Introduction
1×01 Introducing Electronic Access Control technologies
1×02 A brief historical introduction on access control systems attacks
Module 02 – Attacking Near Field Communication
2.1 Welcome to da (MIFARE) family
2.2 MIFARE Classic
2.2.1 Data structure
2.2.2 Communication
2.2.3 Vulnerabilities and attacks
2.2.3.1 Crypto1 – or how to NOT design your own crypto
2.3 MIFARE Ultralight
2.3.1 Data structure
2.3.2 Vulnerabilities and attacks
2.3.2.1 The Reset Attack
2.3.2.2 The Lock Attack
2.3.2.3 The Time Attack
2.3.2.4 The Reply Attack
2.4 MIFARE DESFire EV1 and EV2
2.5 Hands-on
2.5.1 Analyzing real-world examples of MIFARE Ultralight weak implementations
2.5.1.1 Hacking a custom-made door lock
2.5.1.2 Abusing a ticketing system for free rides
2.5.2 Attacking a MIFARE Classic-based EACS
Module 03 – Attacking Radio Frequency Communications
3.1 Radio Frequency and EAC systems
3.1.1 Technologies and applications
3.2 Exploring Radio Frequency communication in practice
3.2.1 What is Software Defined Radio (SDR)
3.2.2 GNU Radio Companion
3.2.2.1 The environment
3.2.2.2 Handling flow graphs and blocks
3.3 Hands-on: receiving your first transmission
3.4 SIGINT with GNU Radio
3.4.1 Signal detection
3.4.2 Analyzing modulation and data
3.5 Understanding RF communication security
3.5.1 Overview of common attacks
3.5.2 “Sniffing out” the ether
3.5.3 Replying and spoofing: identity theft in the world of RF
Module 04 – The Challenge
4.1 Challenge introduction
4.2 Hands-on
4.2.1 Planning and executing the attack
4.2.1 Results final analysis
